pool/sblim-sfcb
SHA256
17
0
Fork 2
Code Issues Pull Requests Activity
Files
factory
sblim-sfcb/README.conf
Klaus Kämpf b62faaf0bb - Update to 1.4.8 
New features:
  - [sfcb-tix:#99] Add config property enableSslCipherServerPref
  - [sfcb-tix:#101] Add config property indicationCurlUseExpect100
  - [sfcb-tix:#102] Add config property indicationCurlHonorRedirect
  - [sfcb-tix:#105] Add config property embeddedObjectEncoding
  See README.conf for details about the new config properties
  Bugs fixed:
  - [sfcb-tix:#94] Increase sigChldWaitTime
  - [sfcb-tix:#95] Do not release pthread lock prior to stopBroker() exit
  - [sfcb-tix:#89] Gracefully handle providers doing abort()
  - [sfcb-tix:#96] Provider should close req handler on shutdown
  - [sfcb-tix:#98] sfcbmofpp segfaults if mof file ends with block comment without newline
  - [sfcb-tix:#100] Fix some compiler warnings & errors on newer distros
  - [sfcb-tix:#103] Unsafe usage of strncpy in providerRegister.c
- Patches dropped
  0009-Catch-SIGABRT.patch - upstream
  0011-Can-t-use-srcdir-in-TESTS.patch - upstream

OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:wbem/sblim-sfcb?expand=0&rev=87
2014-03-28 11:44:34 +00:00

98 lines
4.2 KiB
Plaintext
Raw Permalink Blame History

There are a couple of new sfcb.cfg properties:
* sslDhParamsFilePath
supports the use of an external Diffie Hellman (DH) parameters file, and
sslEcDhCurveName allows the user to set the "curve name" for Elliptic
Curve Diffie Hellman (ECDH) key generation. These options can be used
with openssl cipher suites supporting "ephemeral" Diffie Hellman (DHE) key
exchange algorithms. Ephemeral key exchange enhances security by
decoupling the private key used to generate the session key, from the
private key associated with the server certificate. This provides
"forward secrecy" while maintaining a key exchange algorithm compatible
with a conventional RSA-based server certificate. See the .cfg file
comments for more info.
* SFCB_LABELPROCS
Perhaps the most fun new feature is SFCB_LABELPROCS. This will label each
SFCB process by adding some identifying information to the cmdline so that
it appears in 'ps' output. This provides an easy way to identify each
running SFCB process without having to rely on the "sfcb-ps.sh" or
"sfcbproc" utilities. This really enhances visibility and is a great
troubleshooting tool.
Further, when using the ps command's -T or H options, you can see a
labeled view with thread-level granularity, which is something you can't
really do with "sfcb-ps.sh" or "sfcbproc". (Individual threads are not
labeled per se; that is, each thread of a process has the same label. But
you can easily see which threads belong to which process, and you can see
the individual thread ids for each.)
For example, before starting sfcb:
$ export SFCB_LABELPROCS=100
Get a view of running sfcb processes:
$ watch 'ps -efT H | grep sfcb[d]'
Thanks to all who contributed to this release, especially Chris who fixed
up the SFCC issues and Klaus Kampf who made a big contribution to
LABELPROCS.
New features for 1.4.8
For new features: There is new config property
* enableSslCipherServerPref
which allows a fine adjustment in the
selection of cipher suite on the connection, by enforcing the server's
order of preference instead of the client's (as is the case by default).
In general, the selection of cipher suite is determined by the openssl
library based on the "cipher list" provided to the client and the
server. SFCB's cipher list is set using the "sslCiphers" config
property. Remember, you can use the openssl "s_client" tool to check
the actual cipher used on the connection, for a given configuration at
client and server. See the .cfg file comments for more info.
There a a couple of new properties to control the behavior of the
indication sender:
* indicationCurlUseExpect100
and
* indicationCurlHonorRedirect.
This will have little or no impact for
most environments but users should be aware we shut off curl's use of
the HTTP Expect:100-continue by default. This eliminates a short delay
on indication send that is not desirable unless Expect:100-continue
behavior is really being used. For those who do rely on this behavior
it can be reenabled with indicationCurlUseExpect100. It can be useful
in conjunction with HTTP redirect, for example, which can now be enabled
via the indicationCurlHonorRedirect property. See
https://sourceforge.net/p/sblim/sfcb-tix/101/ for more info.
On the aforementioned improvements: SFCB tix #94 is an attempt to reduce
the likelihood of shutdown hang due to an inter-thread signal being
missed, as can happen if shutdown occurs under particularly gnarly
conditions. #95 is a tweak that tends to prevent a (benign but)
annoying core dump at the end of shutdown. #89 improves providerDvr's
handling and recovery when providers crash, making a req handler less
likely to hang. And #96 is an attempt to also not hang a req handler
when there is a request outstanding at shutdown, which can in fact hang
the whole shutdown.
Because these changes reduce but do not entirely eliminate the
possibility of a req handler hang, it is determined we ultimately need
some sort of configurable req handler timeout. This is under
development but will have to wait until the next release! Watch this
space for updates: https://sourceforge.net/p/sblim/sfcb-tix/97/.
Thanks to Klaus from Novell for goals/assists on all of the new shutdown
patches! And thanks to the others who contributed to this release.
Reference in New Issue View Git Blame Copy Permalink